A typical corporate organization employs the Internet to communicate with customers and vendors, to conduct research, and to perform various other tasks. The organization also creates and maintains confidential and sensitive information, such as financial data, personal information, confidential documents, intellectual property, and customer lists, as part of the usual course of business. Theft of proprietary information is one of the most costly security problems facing organizations today. For example, theft of financial data, customer lists and intellectual property can impact revenues, increase legal costs, and erode long-term competitive advantages.
To minimize access to proprietary information associated with an organization's data storage system, organizations typically utilize authorization systems. Authorization systems utilize predefined policies to determine if a user is allowed to carry out a given operation on a particular resource associated with the data storage system. For example, during operation, when a conventional authorization system receives a resource request from the user, the authorization system compares a user identification or privilege level associated with the request with the preconfigured policy. Based upon the results of the comparison, the authorization system can either allow or deny the user's request to access the resource based upon the associated, preconfigured policy.